Avenues for reporting fraud

This control targets both internal and external fraud risks.

Examples

Examples of this control include:

a dedicated reporting line
an online form available through an internal or external website
avenues for protected disclosures if there is suspected wrongdoing within organisations.

Not having discreet or confidential ways for employees or external parties to report fraud and corruption can lead to:

an unethical workplace culture
fraudsters feeling confident that their actions will not be detected
reduced ability to detect and respond to fraud or corrupt activity
reduced action and accountability for preventing, detecting and responding to fraud and corruption
systemic fraud or corruption.

Methods to evaluate the effectiveness of this control include:

confirming that a consistent process exists for reporting fraud and corruption
confirming that the process for reporting fraud and corruption is easy to find and understand
confirming that the options for reporting fraud and corruption are clearly communicated
considering if the processes in place support the person reporting fraud and corruption
confirming if processes are compliant with the Protected Disclosures Act 2000
reviewing any cases where reporting did not result in follow-up action to see if changes are required for how and what information is obtained after an allegation of fraud
confirming that processes allow employees or external parties to report different types of fraud and corruption
confirming that processes can accommodate reports from a variety of sources, e.g. external individuals, employees, vendors and other organisations.

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Types of behaviour this control is designed to mitigate:

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.